[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Feb 10 20:12:11 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c6000b06 by security tracker role at 2025-02-10T20:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,38 +1,134 @@
-CVE-2025-21693 [mm: zswap: properly synchronize freeing resources during CPU hotunplug]
+CVE-2025-25247 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-25188 (Hickory DNS is a Rust based DNS client, server, and resolver. A vulner ...)
+	TODO: check
+CVE-2025-25186 (Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...)
+	TODO: check
+CVE-2025-24892 (OpenProject is open-source, web-based project management software. In  ...)
+	TODO: check
+CVE-2025-24200 (An authorization issue was addressed with improved state management. T ...)
+	TODO: check
+CVE-2025-24031 (PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificat ...)
+	TODO: check
+CVE-2025-24016 (Wazuh is a free and open source platform used for threat prevention, d ...)
+	TODO: check
+CVE-2025-1193 (Improper host validation in the certificate validation component in De ...)
+	TODO: check
+CVE-2025-1175 (Reflected Cross-Site Scripting (XSS) vulnerability in Kelio Visio 1, K ...)
+	TODO: check
+CVE-2025-1155 (A vulnerability, which was classified as problematic, was found in Web ...)
+	TODO: check
+CVE-2025-1154 (A vulnerability, which was classified as critical, has been found in x ...)
+	TODO: check
+CVE-2025-1153 (A vulnerability classified as problematic was found in GNU Binutils 2. ...)
+	TODO: check
+CVE-2025-1152 (A vulnerability classified as problematic has been found in GNU Binuti ...)
+	TODO: check
+CVE-2025-1151 (A vulnerability was found in GNU Binutils 2.43. It has been rated as p ...)
+	TODO: check
+CVE-2025-1150 (A vulnerability was found in GNU Binutils 2.43. It has been declared a ...)
+	TODO: check
+CVE-2025-1149 (A vulnerability was found in GNU Binutils 2.43. It has been classified ...)
+	TODO: check
+CVE-2025-1148 (A vulnerability was found in GNU Binutils 2.43 and classified as probl ...)
+	TODO: check
+CVE-2025-1147 (A vulnerability has been found in GNU Binutils 2.43 and classified as  ...)
+	TODO: check
+CVE-2025-1099 (The TP-Link Tapo C500 V1 and V2 are a pan-and-tilt outdoor Wi-Fi secur ...)
+	TODO: check
+CVE-2024-8685 (Path-Traversal vulnerability in Revolution Pi version 2022-07-28-revpi ...)
+	TODO: check
+CVE-2024-8684 (OS Command Injection vulnerability in Revolution Pi version 2022-07-28 ...)
+	TODO: check
+CVE-2024-8550 (A Local File Inclusion (LFI) vulnerability exists in the /load-workflo ...)
+	TODO: check
+CVE-2024-57409 (A stored cross-site scripting (XSS) vulnerability in the Parameter Lis ...)
+	TODO: check
+CVE-2024-57408 (An arbitrary file upload vulnerability in the component /comm/upload o ...)
+	TODO: check
+CVE-2024-57407 (An arbitrary file upload vulnerability in the component /userPicture o ...)
+	TODO: check
+CVE-2024-57178 (An SQL injection vulnerability exists in Stock-Forecaster <=01-04-2020 ...)
+	TODO: check
+CVE-2024-57177 (A host header injection vulnerability exists in the NPM package of per ...)
+	TODO: check
+CVE-2024-54954 (OneBlog v2.3.6 was discovered to contain a template injection vulnerab ...)
+	TODO: check
+CVE-2024-48170 (PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) v ...)
+	TODO: check
+CVE-2024-46437 (A sensitive information disclosure vulnerability in the Tenda W18E V16 ...)
+	TODO: check
+CVE-2024-46436 (Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenti ...)
+	TODO: check
+CVE-2024-46435 (A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web  ...)
+	TODO: check
+CVE-2024-46434 (Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the  ...)
+	TODO: check
+CVE-2024-46433 (A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) all ...)
+	TODO: check
+CVE-2024-46432 (Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. ...)
+	TODO: check
+CVE-2024-46431 (Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attac ...)
+	TODO: check
+CVE-2024-46430 (Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. ...)
+	TODO: check
+CVE-2024-46429 (A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) a ...)
+	TODO: check
+CVE-2024-42513 (Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 all ...)
+	TODO: check
+CVE-2024-42512 (Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 all ...)
+	TODO: check
+CVE-2024-27859 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-13059 (A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 a ...)
+	TODO: check
+CVE-2024-13011 (The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file ...)
+	TODO: check
+CVE-2024-13010 (The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cros ...)
+	TODO: check
+CVE-2024-11831 (A flaw was found in npm-serialize-javascript. The vulnerability occurs ...)
+	TODO: check
+CVE-2024-11621 (Missing certificate validation in Devolutions Remote Desktop Manager o ...)
+	TODO: check
+CVE-2024-10649 (wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d co ...)
+	TODO: check
+CVE-2024-10334 (A vulnerability exists in the VideONet product included in the listed  ...)
+	TODO: check
+CVE-2025-21693 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.12.12-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/12dcb0ef540629a281533f9dedc1b6b8e14cfb65 (6.13)
-CVE-2025-21692 [net: sched: fix ets qdisc OOB Indexing]
+CVE-2025-21692 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.12.12-1
 	[bookworm] - linux 6.1.128-1
 	NOTE: https://git.kernel.org/linus/d62b04fca4340a0d468d7853bd66e511935a18cb (6.14-rc1)
-CVE-2025-21691 [cachestat: fix page cache statistics permission checking]
+CVE-2025-21691 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.12.12-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5f537664e705b0bf8b7e329861f20128534f6a83 (6.14-rc1)
-CVE-2025-21690 [scsi: storvsc: Ratelimit warning logs to prevent VM denial of service]
+CVE-2025-21690 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.12.12-1
 	[bookworm] - linux 6.1.128-1
 	NOTE: https://git.kernel.org/linus/d2138eab8cde61e0e6f62d0713e45202e8457d6d (6.14-rc1)
-CVE-2025-21689 [USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()]
+CVE-2025-21689 (In the Linux kernel, the following vulnerability has been resolved:  U ...)
 	- linux 6.12.12-1
 	[bookworm] - linux 6.1.128-1
 	NOTE: https://git.kernel.org/linus/575a5adf48b06a2980c9eeffedf699ed5534fade (6.14-rc1)
-CVE-2025-21688 [drm/v3d: Assign job pointer to NULL before signaling the fence]
+CVE-2025-21688 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.12.12-1
 	[bookworm] - linux 6.1.128-1
 	NOTE: https://git.kernel.org/linus/6e64d6b3a3c39655de56682ec83e894978d23412 (6.14-rc1)
-CVE-2025-21687 [vfio/platform: check the bounds of read/write syscalls]
+CVE-2025-21687 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
 	- linux 6.12.12-1
 	[bookworm] - linux 6.1.128-1
 	NOTE: https://git.kernel.org/linus/ce9ff21ea89d191e477a02ad7eabf4f996b80a69 (6.14-rc1)
-CVE-2025-21686 [io_uring/rsrc: require cloned buffers to share accounting contexts]
+CVE-2025-21686 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.12.12-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/19d340a2988d4f3e673cded9dde405d727d7e248 (6.14-rc1)
-CVE-2024-57950 [drm/amd/display: Initialize denominator defaults to 1]
+CVE-2024-57950 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.12.12-1
 	NOTE: https://git.kernel.org/linus/36b23e3baf9129d5b6c3a3a85b6b7ffb75ae287c (6.13)
 CVE-2025-21685 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
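Review bot: all 48 entries added at the top of this hunk are stubbed with "TODO: check" and carry no package or suite line, so none of them is triaged yet; several can be resolved together with entries already in the file, for instance CVE-2025-24031 (PAM-PKCS#11) alongside the already-recorded CVE-2025-24032 with its two pam_pkcs11-0.6.13 fix commits, and the GNU Binutils 2.43 batch CVE-2025-1147 through CVE-2025-1153 as one group. The kernel entries further down only swap the bracketed placeholder titles for the official descriptions and keep their fixed versions, suite annotations and upstream commit notes unchanged, which is consistent with the rest of the file.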
@@ -283,7 +379,7 @@ CVE-2024-35106 (NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a buff
 	NOT-FOR-US: NEXTU FLETA AX1500 WIFI6
 CVE-2024-10383 (An issue has been discovered in the gitlab-web-ide-vscode-fork compone ...)
 	TODO: check
-CVE-2025-24032
+CVE-2025-24032 (PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificat ...)
 	- pam-pkcs11 0.6.13-1
 	NOTE: https://github.com/OpenSC/pam_pkcs11/commit/b665b287ff955bbbd9539252ff9f9e2754c3fb48 (pam_pkcs11-0.6.13)
 	NOTE: https://github.com/OpenSC/pam_pkcs11/commit/d9530167966a77115db6e885d459382a2e52ee9e (pam_pkcs11-0.6.13)
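Review bot: CVE-2025-24032 now has its description and two upstream fix commits tagged pam_pkcs11-0.6.13, but unlike the kernel and gnutls28 entries in this update it records no bug number and no [bookworm] or [bullseye] line, so the status of pam-pkcs11 in the stable suites is left open; suggest adding those once checked. The sibling CVE-2025-24031, added as a TODO stub in the first hunk, describes the same module and should be checked against the same two commits.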
@@ -361,14 +457,14 @@ CVE-2024-13492 (The Guten Free Options WordPress plugin through 0.9.5 does not s
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13352 (The Legull WordPress plugin through 1.2.2 does not sanitise and escape ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-12243
+CVE-2024-12243 (A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data pr ...)
 	[experimental] - gnutls28 3.8.9-1
 	- gnutls28 3.8.9-2
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-02-07
 	NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2025-February/004875.html
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1553
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/4760bc63531e3f5039e70ede91a20e1194410892 (3.8.9)
-CVE-2024-12133
+CVE-2024-12133 (A flaw in libtasn1 causes inefficient handling of specific certificate ...)
 	- libtasn1-6 4.20.0-1 (bug #1095406)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/02/06/6
 	NOTE: https://gitlab.com/gnutls/libtasn1/-/issues/52
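Review bot: CVE-2024-12243 is fully annotated (advisory, list post, upstream issue and a "Fixed by:" commit for 3.8.9), whereas CVE-2024-12133 for libtasn1 has only the oss-security post and the upstream issue; suggest adding the matching "NOTE: Fixed by:" commit for libtasn1 4.20.0, and a bug reference on the gnutls28 line if one was filed, since the libtasn1-6 line already cites bug #1095406.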
@@ -2926,6 +3022,7 @@ CVE-2025-24537 (Cross-Site Request Forgery (CSRF) vulnerability in The Events Ca
 CVE-2025-24533 (Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-24368 (Cacti is an open source performance and fault management framework. So ...)
+	{DSA-5862-1}
 	- cacti 1.2.28+ds1-4 (bug #1094574)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c
 	NOTE: Backend fixed by: https://github.com/Cacti/cacti/commit/8b516cb9a73322ad532231e74000c2ee097b495e (release/1.2.27)
@@ -2934,6 +3031,7 @@ CVE-2025-24368 (Cacti is an open source performance and fault management framewo
 	NOTE: Frontend regression: https://github.com/Cacti/cacti/issues/6090
 	NOTE: Frontend fix optional: https://github.com/Cacti/cacti/pull/6094#issuecomment-2643321503
 CVE-2025-24367 (Cacti is an open source performance and fault management framework. An ...)
+	{DSA-5862-1}
 	- cacti 1.2.28+ds1-4 (bug #1094574; unimportant)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
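Review bot: the {DSA-5862-1} tag added to CVE-2025-24367 sits directly above a version line that still reads "(bug #1094574; unimportant)"; the same combination appears for CVE-2024-43363 ("unimportant") in the later hunk at offset 36504. If the advisory actually ships fixes for those two issues the tag is correct and the severity annotation may be worth revisiting; if it does not, the tag should be dropped so these entries do not claim DSA coverage for issues rated unimportant.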
@@ -2973,6 +3071,7 @@ CVE-2025-23457 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-23197 (matrix-hookshot is a Matrix bot for connecting to external services li ...)
 	NOT-FOR-US: matrix-hookshot
 CVE-2025-22604 (Cacti is an open source performance and fault management framework. Du ...)
+	{DSA-5862-1}
 	- cacti 1.2.28+ds1-4 (bug #1094574)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
@@ -3063,6 +3162,7 @@ CVE-2024-54146 (Cacti is an open source performance and fault management framewo
 	NOTE: Proposed fix: https://github.com/Cacti/cacti/pull/6096
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/7fa60c03ad4a69c701ac6b77c85a8927df7acd51
 CVE-2024-54145 (Cacti is an open source performance and fault management framework. Ca ...)
+	{DSA-5862-1}
 	- cacti 1.2.28+ds1-4 (bug #1094574)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
@@ -3079,6 +3179,7 @@ CVE-2024-48417 (Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnera
 CVE-2024-48416 (Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to ...)
 	NOT-FOR-US: Edimax
 CVE-2024-45598 (Cacti is an open source performance and fault management framework. Pr ...)
+	{DSA-5862-1}
 	- cacti 1.2.28+ds1-4 (bug #1094574)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-pv2c-97pp-vxwg
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
@@ -5951,7 +6052,7 @@ CVE-2024-55511 (A null pointer dereference vulnerability in Macrium Reflect prio
 	NOT-FOR-US: Macrium Reflect
 CVE-2024-54660 (A JNDI injection issue was discovered in Cloudera JDBC Connector for H ...)
 	NOT-FOR-US: Cloudera JDBC Connector for Haadoop
-CVE-2024-54658 [Processing web content may lead to a denial-of-service]
+CVE-2024-54658 (The issue was addressed with improved memory handling. This issue is f ...)
 	{DSA-5684-1}
 	- webkit2gtk 2.44.0-1
 	- wpewebkit 2.44.1-1
@@ -7708,7 +7809,7 @@ CVE-2024-12747 (A flaw was found in rsync. This vulnerability arises from a race
 	- rsync 3.3.0+ds1-3
 	NOTE: https://www.openwall.com/lists/oss-security/2025/01/14/3
 	NOTE: Fixed by: https://git.samba.org/?p=rsync.git;a=commit;h=0590b09d9a34ae72741b91ec0708a820650198b0 (v3.4.0)
-CVE-2024-12088 (A flaw was found in rsync. When using the `--safe-links` option, rsync ...)
+CVE-2024-12088 (A flaw was found in rsync. When using the `--safe-links` option, the r ...)
 	{DSA-5843-1 DLA-4015-1}
 	- rsync 3.3.0+ds1-3
 	NOTE: https://www.openwall.com/lists/oss-security/2025/01/14/3
@@ -36403,21 +36504,25 @@ CVE-2024-43697 (in OpenHarmony v4.1.0 and prior versions allow a local attacker
 CVE-2024-43696 (in OpenHarmony v4.1.0 and prior versions allow a local attacker cause  ...)
 	NOT-FOR-US: OpenHarmony
 CVE-2024-43365 (Cacti is an open source performance and fault management framework. Th ...)
+	{DSA-5862-1}
 	- cacti 1.2.28+ds1-1
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/e03f605dca8da56ecc7d321103a5842cd32007b0 (release/1.2.28)
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/059d107fade96cde3743f1e2d444ce52beb92321 (release/1.2.28)
 CVE-2024-43364 (Cacti is an open source performance and fault management framework. Th ...)
+	{DSA-5862-1}
 	- cacti 1.2.28+ds1-1
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/e03f605dca8da56ecc7d321103a5842cd32007b0 (release/1.2.28)
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/059d107fade96cde3743f1e2d444ce52beb92321 (release/1.2.28)
 CVE-2024-43363 (Cacti is an open source performance and fault management framework. An ...)
+	{DSA-5862-1}
 	- cacti 1.2.28+ds1-1 (unimportant)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/3adc71a2b97506bf26c21935e1e6f30d58fe88e3 (release/1.2.28)
 	NOTE: Negligible security impact as exploitability depends on writable web root for cacti
 CVE-2024-43362 (Cacti is an open source performance and fault management framework. Th ...)
+	{DSA-5862-1}
 	- cacti 1.2.28+ds1-1
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/3f64e7c1a63e36d0e826c34f05ad20b6683b27ff (release/1.2.28)
@@ -75836,6 +75941,7 @@ CVE-2024-28277 (In Sourcecodester School Task Manager v1.0, a vulnerability was
 CVE-2024-28276 (Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scr ...)
 	NOT-FOR-US: Sourcecodester School Task Manager
 CVE-2024-27082 (Cacti provides an operational monitoring and fault management framewor ...)
+	{DSA-5862-1}
 	- cacti 1.2.27+ds1-1
 	[bullseye] - cacti <not-affected> (Vulnerable code not present)
 	NOTE: GitHub GHSA: https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6000b067969c6a49b7b38149a5661c58933f817

-- 
You're receiving this email because of your account on salsa.debian.org.

